The average time to patch a critical security hole went down from 17 days in 2012 to 11 days in 2013, say researchers at High Tech Bridge. That's definitely better, but there's still plenty of room for improvement.

A flaw in the Android kernel on some Samsung devices can expose those handsets to attack from malicious apps, according to a post on a mobile developer forum over the weekend. However, it affects only a small subset of US-based devices.

It's a little unusual to see a remote code execution in Word and other Office applications getting the "critical" rating, said Wolfgang Kandek, CTO of Qualys. Microsoft generally downgrades those vulnerabilities, no matter how serious, to "Important" because the user still needs to do something, such as opening the file, in order to trigger the attack, Kandek said.

Microsoft released a Fix-It tool to temporarily fix the zero-day vulnerability in Internet Explorer today, and promised an emergency patch on Friday. A security researcher stumbled upon attack code on a compromised server over the weekend targeting a zero-day vulnerability in Internet Explorer. The drive-by download attack was triggered by a use-after-free flaw which was present in all versions of Internet Explorer, except IE 10. Security researchers recommended users stop using IE entirely until the flaw was patched.

Symantec's Security Technology and Response team reports on a couple of especially interesting recent threats. One can blow through all of your printer's paper printing nonsense; the other can serve up every detail of your computer's use to a government agency.

The CVE-2012-3132 vulnerability in Oracle databases allows attackers to gain complete control of the affected server, David Litchfield, chief security architect with Accuvant Labs, said at Black Hat. A number of Oracle products are affected, since many of them include the Oracle Database Server component, Oracle said in its advisory. Oracle Fusion Middleware, Oracle Enterprise Manager, and Oracle E-Business Suite all need to be patched. Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 are affected.

The Federal Bureau of Investigation warned travelers to watch out for malware when connecting to the wireless network at their hotels. Masquerading as a software update to "widely-used software," the malware displays a pop-up window when the guest tries to connect to the hotel's wireless network, the Internet Crime Complaint Center warned in an Intelligence Note.
